Firewall Wizards mailing list archives
Possibility of replay attacks in manually keyed IPsec?
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 03 Dec 1999 08:53:48 +0100
Hello, Quick question. I'm getting conflicting answers from different people, so I decided I'd hand it over to you guys: Is IPsec vulnerable to replay attacks when IKE is configured to use pre-shared keys, rather than basing the SA negotiation on certificates? I'd imagine that if IPsec itself uses fixed encryption keys, it would be vulnerable to replay attacks, but this is not the case. Here, we only handle fixed keys to IKE, so the fixed keys only get used in the SA negotiation. (If there is a vulnerability, is this a flaw in the algorithm, or just in someone's imlementation of it?) Thanks in advance, /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 248 00 33 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 03)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Steve Goldhaber (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Stefan Norberg (Dec 05)
- Re: Possibility of replay attacks in manually keyed IPsec? Chris Cappuccio (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Rick Smith (Dec 06)
- Re: Possibility of replay attacks in manually keyed IPsec? Mikael Olsson (Dec 07)
- <Possible follow-ups>
- RE: Possibility of replay attacks in manually keyed IPsec? Ben Nagy (Dec 05)